
[VPN] GRE Tunnel Configuration

by JINJINC 2023. 4. 18.

GRE Tunnel Configuration

R1

interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip ospf network point-to-point
!
interface Tunnel0
 ip address 10.1.1.1 255.255.255.0
 tunnel source 1.1.12.1
 tunnel destination 1.1.23.3
!
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
!
interface FastEthernet0/1
 ip address 1.1.12.1 255.255.255.0
!
router eigrp 100
 network 10.1.1.1 0.0.0.0
 network 192.168.1.254 0.0.0.0
 no auto-summary
!
router ospf 1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 1.1.12.0 0.0.0.255 area 0

 

 

R2 

interface Loopback0
 ip address 1.1.2.2 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/0
 ip address 1.1.12.2 255.255.255.0
!
interface FastEthernet0/1
 ip address 1.1.23.2 255.255.255.0
!
router ospf 1
 network 1.1.2.2 0.0.0.0 area 0
 network 1.1.12.0 0.0.0.255 area 0
 network 1.1.23.0 0.0.0.255 area 0

 

R3

interface Loopback0
 ip address 1.1.3.3 255.255.255.0
 ip ospf network point-to-point
!
interface Tunnel0
 ip address 10.1.1.2 255.255.255.0
 tunnel source 1.1.23.3
 tunnel destination 1.1.12.1
!
interface FastEthernet0/0
 ip address 192.168.2.254 255.255.255.0
!
interface FastEthernet0/1
 ip address 1.1.23.3 255.255.255.0
!
router eigrp 100
 network 10.1.1.2 0.0.0.0
 network 192.168.2.254 0.0.0.0
 no auto-summary
!
router ospf 1
 log-adjacency-changes
 network 1.1.3.3 0.0.0.0 area 0
 network 1.1.23.0 0.0.0.255 area 0

 

 

 

Once the basic configuration above is complete, a Wireshark capture on R1 f0/0 shows the ID and password exposed. GRE encapsulates the traffic but does not encrypt it.
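The exposure described above, as an added example that is not part of the original post: it builds one GRE packet and one ESP packet between the tunnel endpoints used on this page and shows what an on-path observer can read from each. The Telnet-style login on port 23, the credentials, the SPI and the helper names are constructed assumptions; random bytes stand in for real ESP ciphertext.

```python
import os
import struct

GRE, ESP, TCP = 47, 50, 6  # IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (checksum left at 0, which is fine for offline parsing)."""
    pack = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, pack(src), pack(dst)) + payload

def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    dotted = lambda b: ".".join(map(str, b))
    return dotted(pkt[12:16]), dotted(pkt[16:20]), pkt[9], pkt[ihl:]

def observe(pkt):
    """Return what an on-path observer can read from one captured packet."""
    src, dst, proto, body = parse_ipv4(pkt)
    if proto == ESP:
        spi, seq = struct.unpack("!II", body[:8])
        return {"outer": (src, dst), "type": "ESP", "spi": spi, "seq": seq,
                "readable": None}  # everything after SPI/sequence is ciphertext
    if proto == GRE:
        flags, ptype = struct.unpack("!HH", body[:4])
        # Optional checksum (C), key (K) and sequence (S) fields add 4 bytes each.
        off = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        if ptype != 0x0800:  # inner protocol is not IPv4
            return {"outer": (src, dst), "type": "GRE", "readable": None}
        isrc, idst, iproto, seg = parse_ipv4(body[off:])
        data = seg[(seg[12] >> 4) * 4:] if iproto == TCP else seg
        return {"outer": (src, dst), "type": "GRE", "inner": (isrc, idst),
                "readable": data}
    return {"outer": (src, dst), "type": proto, "readable": None}

# Constructed sample (assumption: a Telnet-style cleartext login on TCP port 23).
LOGIN = b"login: admin\r\npassword: example-pass\r\n"
tcp = struct.pack("!HHIIBBHHH", 40000, 23, 1, 1, 5 << 4, 0x18, 1024, 0, 0) + LOGIN
inner = ipv4("192.168.1.1", "192.168.2.1", TCP, tcp)
# GRE only: outer IP (protocol 47) + 4-byte GRE header + untouched inner packet.
gre_pkt = ipv4("1.1.12.1", "1.1.23.3", GRE, struct.pack("!HH", 0, 0x0800) + inner)
# With IPsec: ESP (protocol 50); random bytes stand in for the encrypted payload.
esp_pkt = ipv4("1.1.12.1", "1.1.23.3", ESP,
               struct.pack("!II", 0x1000, 1) + os.urandom(len(inner) + 16))

if __name__ == "__main__":
    for name, pkt in (("GRE", gre_pkt), ("GRE+IPsec", esp_pkt)):
        print(name, observe(pkt))
```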

 

 

GRE Tunnel + IPSec

 

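<R1>

! IKE phase 1 (ISAKMP) policy: 3DES, MD5, pre-shared key, DH group 2
! Note: 3DES, MD5 and DH group 2 are legacy algorithms; current deployments use AES, SHA-2 and a larger DH group
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
exit

! Pre-shared key for peer R3
crypto isakmp key 6 fz007 address 1.1.23.3

! IPsec (phase 2) transform set: ESP with 3DES encryption and SHA-1 HMAC
crypto ipsec transform-set IKE13 esp-3des esp-sha-hmac
exit

! Crypto map tying together the peer, the transform set and the traffic ACL
crypto map vpn13 10 ipsec-isakmp
 set peer 1.1.23.3
 set transform-set IKE13
 match address R13
exit

! Traffic to protect: 192.168.1.1 -> 192.168.2.1
ip access-list extended R13
 permit ip host 192.168.1.1 host 192.168.2.1
exit

! Apply the crypto map to the tunnel interface
interface tunnel0
 crypto map vpn13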

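<R3>

! IKE phase 1 (ISAKMP) policy, matching R1
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
exit

! Pre-shared key for peer R1
crypto isakmp key 6 fz007 address 1.1.12.1

! IPsec (phase 2) transform set, matching R1
crypto ipsec transform-set IKE13 esp-3des esp-sha-hmac
exit

! Crypto map tying together the peer, the transform set and the traffic ACL
crypto map vpn13 10 ipsec-isakmp
 set peer 1.1.12.1
 set transform-set IKE13
 match address R13
exit

! Traffic to protect: 192.168.2.1 -> 192.168.1.1 (mirror of R1's ACL)
ip access-list extended R13
 permit ip host 192.168.2.1 host 192.168.1.1
exit

! Apply the crypto map to the tunnel interface
interface tunnel0
 crypto map vpn13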

[Wireshark capture screenshots]

 
